These are chat archives for reactioncommerce/reaction

15th
Oct 2018
Lorenzo Campanis
@lcampanis
Oct 15 2018 17:11
@/all any update on how to disable graphql pls?
Allie Reilly
@acreilly
Oct 15 2018 18:08
Has anyone created a plugin for dynamic pricing?
Ticean Bennett
@ticean
Oct 15 2018 21:36
Hi @lcampanis, there’s not a configuration to disable GraphQL. The introduction of GraphQL didn't change the way that auth works in the previously existing Meteor code. Could you provide sanitized logs or other information?
Lorenzo Campanis
@lcampanis
Oct 15 2018 21:39
Hi @ticean the problem is that running RC on the cloud via docker actually fires POST requests to graphql-alpha which are failing with a 401, hence making it impossible to password secure a dev/qa environment with htaccess
Ticean Bennett
@ticean
Oct 15 2018 21:40
Which process is making the POST requests?
Lorenzo Campanis
@lcampanis
Oct 15 2018 21:40
Looking at the code I would expect to set graphQL.graphiql: false and not have GraphQL run at all
one sec
getShopId
Ticean Bennett
@ticean
Oct 15 2018 21:41
@lcampanis Yes, I understand. There could be such a flag, but we’re moving toward GraphQL so it hasn’t been discussed to do that. I’d recommend a feature request in the reaction GitHub repo.
Lorenzo Campanis
@lcampanis
Oct 15 2018 21:42
okay, so to get around that, we set up Apollo to run anyway?
Ticean Bennett
@ticean
Oct 15 2018 21:42
But, I’m interested in your problem as I’d like to make sure that there’s nothing in the setup that’s blowing things up.
Lorenzo Campanis
@lcampanis
Oct 15 2018 21:43
hmmmm, actually I think that the problem lies on the htaccess authentication to start
Ticean Bennett
@ticean
Oct 15 2018 21:43
@lcampanis could you link to code in GitHub where the call is made?
I *think* things should be isolated in the respective frontends. Meaning that only the starterkit frontend is making GQL requests.
General htaccess would make sense. Please let me know what you find.
Lorenzo Campanis
@lcampanis
Oct 15 2018 21:45
I'm not sure where it's fired, but looking at the local instance, and QA which is failing it's the first call with operationName: "getShopId"
401 is Unauthorized, so we'll try passing Auth headers wherever the calls are made, if you have any ideas let us know as we're trying to figure things out as well
Ticean Bennett
@ticean
Oct 15 2018 21:46
You see this happening from the browser client? Directly to the GQL endpoint?
Lorenzo Campanis
@lcampanis
Oct 15 2018 21:47
yes
Ticean Bennett
@ticean
Oct 15 2018 21:47
Thanks, that’s helpful.
Lorenzo Campanis
@lcampanis
Oct 15 2018 21:49
calls would need authorization: Basic ...... passed as well (when auth exists)
yes that's it, so if you know where the calls are happening (as I'm getting acquainted still with it all) then just passing authorization: Basic ... will work..
Ticean Bennett
@ticean
Oct 15 2018 21:52
@lcampanis got a reminder from the team that some interface components in the Meteor frontend were updated to communicate with GraphQL, so this is expected.
Lorenzo Campanis
@lcampanis
Oct 15 2018 21:52
that's okay, if Auth headers are passed as well we should be okay
Ticean Bennett
@ticean
Oct 15 2018 21:52
Unclear to me at which point the 401 is happening. Like you said, it may be at your .htaccess and the basic headers must be added.
Cool. I think your idea would solve. Let me know if you need to bounce ideas.
Lorenzo Campanis
@lcampanis
Oct 15 2018 21:54
unlikely to be from htaccess, it's just the calls to GraphQL don't take into account Authorization. can you point me to where POST calls are fired?
Ticean Bennett
@ticean
Oct 15 2018 21:56
Seems that the .htaccess is blocking on the async calls? Or maybe interfering with your basic config. Could you inspect the headers on the getShopId GQL request?
Would help to know which auth headers are on that request.
Lorenzo Campanis
@lcampanis
Oct 15 2018 21:59
Actually I see the Auth header being set there as well
:authority: qa
:method: POST
:path: /graphql-alpha
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-GB,en;q=0.9,fr;q=0.8,en-US;q=0.7,el;q=0.6
authorization: Basic bXVtYmxpZGV2OiFNdW1ibGkyMDE4IQ==
cache-control: no-cache
content-length: 169
content-type: application/json
cookie: __utmc=215075595; __utmz=215075595.1537080272.12.3.utmcsr=box2037.temp.domains|utmccn=(referral)|utmcmd=referral|utmcct=/; _ga=GA1.2.1985985878.1532713277; amplitude_id_02114cfed25064e5386c073f94ff07dfmumbli.com=eyJkZXZpY2VJZCI6IjU2MTJmMjljLWJmMTMtNDE3NC1iZmNjLTg0MDQwNGQzY2Y1OFIiLCJ1c2VySWQiOm51bGwsIm9wdE91dCI6ZmFsc2UsInNlc3Npb25JZCI6MTUzNzA4NDU1NDk4MSwibGFzdEV2ZW50VGltZSI6MTUzNzA4NTg3MzQ4NCwiZXZlbnRJZCI6MCwiaWRlbnRpZnlJZCI6MCwic2VxdWVuY2VOdW1iZXIiOjB9; __utma=215075595.1985985878.1532713277.1537080272.1537089736.13; __utmc=173618979; __utmz=173618979.1539531379.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); i18next=en; __utma=173618979.1985985878.1532713277.1539531379.1539639581.2; __utmt=1; __utmb=173618979.1.10.1539639581
meteor-login-token: QpNEKHowOdg3xTcT-d79Ya2mbVWLhZs1xhqLXL9YCY4
origin: https://qa
pragma: no-cache
referer: https://qa
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
Response: Unauthorized
Ticean Bennett
@ticean
Oct 15 2018 22:01
Ok, I see. So, you’ve got two systems that are trying to use the Authorization header. The .htaccess expects Authorization: Basic … and GraphQL is expecting Authorization: Bearer ….
Lorenzo Campanis
@lcampanis
Oct 15 2018 22:07
okay I see, now imagine this is the simplest setup you can have
1 htpasswd file with user:password in it, that's it. Pass this to docker nginx-proxy with
volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - /etc/nginx/certs:/etc/nginx/certs:ro
      - /etc/nginx/vhost.d:/etc/nginx/vhost.d
      - /etc/nginx/htpasswd:/etc/nginx/htpasswd
      - /usr/share/nginx/html
Ticean Bennett
@ticean
Oct 15 2018 22:08
Oops, accidentally erased a previous message… Not sure what your best option for avoiding the header conflict would be.
Lorenzo Campanis
@lcampanis
Oct 15 2018 22:08
I'll take another look, if you guys get any ideas let us know..
Thanks!
Ticean Bennett
@ticean
Oct 15 2018 22:09
I think the problem is that the GraphQL endpoint is getting the Authorization header, but it contains BASIC info. It doesn’t find a token with that info so fails with 401.
Lorenzo Campanis
@lcampanis
Oct 15 2018 22:10
okay that's helpful, we'll take another look and keep you posted
Ticean Bennett
@ticean
Oct 15 2018 22:10
:thumbsup: Thanks @lcampanis.